What is the CVSS score of CVE-2025-66510?

CVE-2025-66510 has a CVSS 3.1 base score of 4.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Nextcloud Server are affected by CVE-2025-66510?

Organizations using Nextcloud Server should be aware of moderate risk from CVE-2025-66510 rated CVSS 4.5. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-66510?

Within 30 days: Identify affected systems running Nextcloud Server and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Nextcloud Server CVE-2025-66510

EUVD-2025-201451 MEDIUM

Exposure of Private Personal Information to an Unauthorized Actor (CWE-359)

2025-12-05 security-advisories@github.com

Information Disclosure Debian Nextcloud Server Nextcloud

4.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201451

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

Patch released

Mar 15, 2026 - 17:08 nvd

Patch available

CVE Published

Dec 05, 2025 - 17:16 nvd

MEDIUM 4.5

DescriptionNVD

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.

AnalysisAI

A security vulnerability in Nextcloud Server (CVSS 4.5) that allows an authenticated user. Remediation should follow standard vulnerability management procedures. Vendor patch is available.